Invalid DHCP pool - for LAN subnet 192.168.xx.0/23 detected. Please correct the settings in Services, DHCP Server
-
I recently rebuilt my pfSense box from the ground up and started seeing this error after the rebuild. During the rebuild I had a LAN interface up with a different IP address on the subnet reported with the issue but later changed the STATIC IP to the original firewall interface IP after the other box was down.
How do I solve this issue as it is very very vague.
-
Well, you might start by describing what addresses you have where, including the DHCP address pool.
-
@JKnott said in Invalid DHCP pool - for LAN subnet 192.168.xx.0/23 detected. Please correct the settings in Services, DHCP Server:
Well, you might start by describing what addresses you have where, including the DHCP address pool.
LAN Interface is configured with the following:
IPv4 - Static - 192.168.XX.1/23
LAN DHCP -
Subnet - 192.168.xx.0
Subnet mask - 255.255.254.0
Available range - 192.168.xx.1 - 192.168.xx.254
My Range - 192.168.xx.10 - 192.168.xx.200 (I am using the second part of the /23 for DHCP since most is statically assigned)I have another interface with the EXACT same settings and is a /23 but doesn't throw this error.
The only thought I have is somewhere there is a stale entry with the temporary IP I configured on this LAN interface to configure the firewall.
-
@pyrodex said in Invalid DHCP pool - for LAN subnet 192.168.xx.0/23 detected. Please correct the settings in Services, DHCP Server:
I have another interface with the EXACT same settings and is a /23 but doesn't throw this error.
That can't work.
Having twice :
IPv4 - Static - 192.168.XX.1/23 LAN DHCP - Subnet - 192.168.xx.0 Subnet mask - 255.255.254.0 Available range - 192.168.xx.1 - 192.168.xx.254 My Range - 192.168.xx.10 - 192.168.xx.200will throw pool errors - and many more errors.
and why masking(= XX) RFC 1918 addresses ?
( and using them wrong, because "Available range - 192.168.xx.1 - 192.168.xx.254" should be Available range - 192.168.1.1 - 192.168.2.254 so XX = '1' is not XX = '2' ...)
We all use "RFC 1918" ... nothing private with them, except the errors ;) -
@Gertjan said in Invalid DHCP pool - for LAN subnet 192.168.xx.0/23 detected. Please correct the settings in Services, DHCP Server:
@pyrodex said in Invalid DHCP pool - for LAN subnet 192.168.xx.0/23 detected. Please correct the settings in Services, DHCP Server:
I have another interface with the EXACT same settings and is a /23 but doesn't throw this error.
That can't work.
Having twice :
IPv4 - Static - 192.168.XX.1/23 LAN DHCP - Subnet - 192.168.xx.0 Subnet mask - 255.255.254.0 Available range - 192.168.xx.1 - 192.168.xx.254 My Range - 192.168.xx.10 - 192.168.xx.200will throw pool errors - and many more errors.
and why masking(= XX) RFC 1918 addresses ?
( and using them wrong, because "Available range - 192.168.xx.1 - 192.168.xx.254" should be Available range - 192.168.1.1 - 192.168.2.254 so XX = '1' is not XX = '2' ...)
We all use "RFC 1918" ... nothing private with them, except the errors ;)Fine, here is the setup:
DHCP for LAN:
What is wrong?
My IoT interface which is another /23 is the exact same way and not throwing errors.
-
What error(s) are you seeing exactly... "throwing errors" is pretty vague ;)
The client, pfsense - what error are you seeing?
-
Just created :
and
It .... works.
Nothing was thrown at me. -
===group
===@johnpoz said in Invalid DHCP pool - for LAN subnet 192.168.xx.0/23 detected. Please correct the settings in Services, DHCP Server:
What error(s) are you seeing exactly... "throwing errors" is pretty vague ;)
The client, pfsense - what error are you seeing?
From system.log:
Dec 23 08:47:35 firewall php-fpm[28463]: /services_unbound.php: New alert found: Invalid DHCP pool - for LAN subnet 192.168.14.0/23 detected. Please correct the settings in Services, DHCP Server Dec 23 08:47:37 firewall php-fpm[28463]: /services_unbound.php: New alert found: Invalid DHCP pool - for LAN subnet 192.168.14.0/23 detected. Please correct the settings in Services, DHCP Server Dec 23 08:51:24 firewall php-fpm[28463]: /status_services.php: New alert found: Invalid DHCP pool - for LAN subnet 192.168.14.0/23 detected. Please correct the settings in Services, DHCP ServerThis occurs every time I make a change to anything related or attached to the DHCP service.
-
Well from what you posted sure looks fine.
Can you post up your actual config.. Maybe there is something left over or an error there that is causing it..
[2.4.4-RELEASE][admin@sg4860.local.lan]/var/dhcpd/etc: cat dhcpd.conf option domain-name "local.lan"; option ldap-server code 95 = text; option domain-search-list code 119 = text; option arch code 93 = unsigned integer 16; # RFC4578 option custom-lan-0 code 252 = text; option custom-lan-1 code 46 = string; option custom-opt1-0 code 252 = text; option custom-opt9-0 code 252 = text; option custom-opt5-0 code 252 = text; option custom-opt8-0 code 252 = text; option custom-opt6-0 code 252 = text; default-lease-time 7200; max-lease-time 86400; log-facility local7; one-lease-per-client true; deny duplicates; ping-check true; update-conflict-detection false; authoritative; subnet 192.168.9.0 netmask 255.255.255.0 { pool { option domain-name-servers 192.168.3.10; ignore-client-uids true; range 192.168.9.200 192.168.9.220; } option routers 192.168.9.253; option domain-name-servers 192.168.3.10; default-lease-time 345600; max-lease-time 792000; option ntp-servers 192.168.3.32,192.168.9.253; option custom-lan-0 "\n"; option custom-lan-1 01; }I didn't show the full file - I have lots of segments and would of been very long, with lots of static entries for clients, etc. etc.. But this is showing my main lan dhcp server settings..
Can you post yours up and we can take a look see at why could cause it to throw that error.
Do you have other pools listed - you can have more than the 1 pool, but looks like you cut off the screen
shot.edit:
example - just added this pool
now if look in my conf I see
subnet 192.168.9.0 netmask 255.255.255.0 { pool { option domain-name-servers 192.168.3.10; ignore-client-uids true; range 192.168.9.200 192.168.9.220; } pool { range 192.168.9.221 192.168.9.223; } option routers 192.168.9.253; option domain-name-servers 192.168.3.10; default-lease-time 345600; max-lease-time 792000; option ntp-servers 192.168.3.32,192.168.9.253; option custom-lan-0 "\n"; option custom-lan-1 01; }So you can see the new range was added.
-
Config:
[2.4.4-RELEASE][root@firewall.lan]/root: cat /var/dhcpd/etc/dhcpd.conf option domain-name "lan"; option ldap-server code 95 = text; option domain-search-list code 119 = text; option arch code 93 = unsigned integer 16; # RFC4578 default-lease-time 7200; max-lease-time 86400; log-facility local7; one-lease-per-client true; deny duplicates; ping-check true; update-conflict-detection false; authoritative; subnet 192.168.14.0 netmask 255.255.254.0 { pool { range 192.168.15.20 192.168.15.50; } option routers 192.168.14.1; option domain-name "lan"; option domain-search "lan","iot","dmz"; option domain-name-servers 192.168.14.1; default-lease-time 86400; option ntp-servers 192.168.14.1; option tftp-server-name "192.168.14.31"; next-server 192.168.14.31; if option arch = 00:06 { filename "syslinux32.efi"; } else if option arch = 00:07 { filename "syslinux64.efi"; } else if option arch = 00:09 { filename "syslinux64.efi"; } else { filename "pxelinux.0"; } } host s_lan_0 { hardware ethernet f0:9f:c2:3f:ba:fd; option dhcp-client-identifier "wifi-ap-main"; fixed-address 192.168.14.11; option host-name "wifi-ap-main"; } host s_lan_1 { hardware ethernet 74:83:c2:1a:a7:bc; option dhcp-client-identifier "wifi-ap-upstairs"; fixed-address 192.168.14.12; option host-name "wifi-ap-upstairs"; } host s_lan_2 { hardware ethernet ac:1f:6b:17:25:12; option dhcp-client-identifier "tardis"; fixed-address 192.168.14.31; option host-name "TARDIS"; } host s_lan_3 { hardware ethernet ac:1f:6b:17:24:04; option dhcp-client-identifier "tardis-mgmt"; fixed-address 192.168.14.35; option host-name "tardis-mgmt"; } host s_lan_4 { hardware ethernet 1c:1b:0d:98:e1:03; option dhcp-client-identifier "seedbox-mgmt"; fixed-address 192.168.14.36; option host-name "seedbox-mgmt"; } host s_lan_5 { hardware ethernet 00:eb:ca:e0:06:9d; option dhcp-client-identifier "monitoring"; fixed-address 192.168.14.40; option host-name "monitoring"; } host s_lan_6 { hardware ethernet 02:ff:60:5b:07:f9; option dhcp-client-identifier "tardis-syncthings"; fixed-address 192.168.14.43; option host-name "tardis-syncthings"; } host s_lan_7 { hardware ethernet 00:50:56:86:1a:ed; option dhcp-client-identifier "docker01"; fixed-address 192.168.14.44; option host-name "docker01"; } host s_lan_8 { hardware ethernet 00:50:56:86:c5:97; option dhcp-client-identifier "ansible"; fixed-address 192.168.14.45; option host-name "ansible"; } host s_lan_9 { hardware ethernet 00:0c:29:f2:90:df; option dhcp-client-identifier "util"; fixed-address 192.168.14.46; option host-name "util"; } host s_lan_10 { hardware ethernet 00:50:56:b5:69:94; option dhcp-client-identifier "pihole01"; fixed-address 192.168.14.47; option host-name "pihole01"; } host s_lan_11 { hardware ethernet 00:50:56:b5:2b:9c; option dhcp-client-identifier "pihole02"; fixed-address 192.168.14.48; option host-name "pihole02"; } host s_lan_12 { hardware ethernet 50:85:69:25:d9:a7; option dhcp-client-identifier "master-samsung-6300"; fixed-address 192.168.14.110; option host-name "master-samsung-6300"; } host s_lan_13 { hardware ethernet 38:8c:50:c7:92:2f; option dhcp-client-identifier "den-lg-tv"; fixed-address 192.168.14.111; option host-name "den-lg-tv"; } host s_lan_14 { hardware ethernet 00:05:cd:e9:ea:6c; option dhcp-client-identifier "den-denon"; fixed-address 192.168.14.112; option host-name "den-denon"; } host s_lan_15 { hardware ethernet 40:cb:c0:ed:65:df; option dhcp-client-identifier "den-atv"; fixed-address 192.168.14.113; option host-name "den-atv"; option domain-name-servers 192.168.14.9; } host s_lan_16 { hardware ethernet 08:05:81:ea:5f:f4; option dhcp-client-identifier "master-roku"; fixed-address 192.168.14.114; option host-name "master-roku"; } host s_lan_17 { hardware ethernet 84:d6:d0:86:60:7e; option dhcp-client-identifier "den-aftv"; fixed-address 192.168.14.115; option host-name "den-aftv"; } host s_lan_18 { hardware ethernet dc:a6:32:0a:bc:13; option dhcp-client-identifier "masterhtpc"; fixed-address 192.168.14.117; option host-name "masterhtpc"; } host s_lan_19 { hardware ethernet b8:27:eb:db:f5:1a; option dhcp-client-identifier "guestwithbathhtpc"; fixed-address 192.168.14.118; option host-name "guestwithbathhtpc"; } host s_lan_20 { hardware ethernet b8:27:eb:4a:46:bf; option dhcp-client-identifier "basementhtpc"; fixed-address 192.168.14.119; option host-name "basementhtpc"; } host s_lan_21 { hardware ethernet a4:8d:3b:19:08:c7; option dhcp-client-identifier "basement-vizio-tv"; fixed-address 192.168.14.120; option host-name "basement-vizio-tv"; } host s_lan_22 { hardware ethernet 00:04:20:fa:56:a5; option dhcp-client-identifier "den-harmonyhub1"; fixed-address 192.168.14.121; option host-name "den-harmonyhub1"; } host s_lan_23 { hardware ethernet b8:27:eb:0b:9d:ef; option dhcp-client-identifier "officehtpc"; fixed-address 192.168.14.122; option host-name "officehtpc"; } host s_lan_24 { hardware ethernet 64:12:69:55:2b:5d; option dhcp-client-identifier "directv-hr54"; fixed-address 192.168.14.123; option host-name "directv-hr54"; } host s_lan_25 { hardware ethernet 40:3d:ec:90:e6:72; option dhcp-client-identifier "office-mini-genie"; fixed-address 192.168.14.124; option host-name "office-mini-genie"; } host s_lan_26 { hardware ethernet 40:3d:ec:8b:0c:ea; option dhcp-client-identifier "master-genie-mini"; fixed-address 192.168.14.125; option host-name "master-genie-mini"; } host s_lan_27 { hardware ethernet 00:1e:06:42:32:ed; option dhcp-client-identifier "den4khtpc"; fixed-address 192.168.14.126; option host-name "den4khtpc"; } host s_lan_28 { hardware ethernet 40:3d:ec:90:e6:86; option dhcp-client-identifier "guestwithbath-mini-genie"; fixed-address 192.168.14.127; option host-name "guestwithbath-mini-genie"; } host s_lan_29 { hardware ethernet 40:3d:ec:90:e6:b1; option dhcp-client-identifier "basement-mini-genie"; fixed-address 192.168.14.128; option host-name "basement-mini-genie"; } host s_lan_30 { hardware ethernet 50:32:37:c0:c0:72; option dhcp-client-identifier "master-atv"; fixed-address 192.168.14.129; option host-name "master-atv"; } host s_lan_31 { hardware ethernet 7c:e1:ff:02:63:7e; option dhcp-client-identifier "basement-internet-powerstrip"; fixed-address 192.168.14.142; option host-name "basement-internet-powerstrip"; } host s_lan_32 { hardware ethernet f0:c3:71:56:93:c3; option dhcp-client-identifier "SonicScrewDriver"; fixed-address 192.168.14.200; option host-name "SonicScrewdriver"; } host s_lan_33 { hardware ethernet 4c:56:9d:69:32:b1; option dhcp-client-identifier "richie-ipadpro"; fixed-address 192.168.14.202; option host-name "richie-ipadpro"; } host s_lan_34 { hardware ethernet c4:98:80:49:9a:4b; option dhcp-client-identifier "rebecca-iphone"; fixed-address 192.168.14.204; option host-name "rebecca-iphone"; } host s_lan_35 { hardware ethernet 6c:56:97:26:30:76; option dhcp-client-identifier "rebecca-kindle"; fixed-address 192.168.14.205; option host-name "rebecca-kindle"; } host s_lan_36 { hardware ethernet 30:e1:71:c4:5a:dd; option dhcp-client-identifier "hp-wireless"; fixed-address 192.168.14.206; option host-name "hp-wireless"; } host s_lan_37 { hardware ethernet f8:6f:c1:1f:4f:4f; option dhcp-client-identifier "richie-watch"; fixed-address 192.168.14.207; option host-name "richie-watch"; } host s_lan_38 { hardware ethernet f8:6f:c1:19:87:b3; option dhcp-client-identifier "rebecca-watch"; fixed-address 192.168.14.208; option host-name "rebecca-watch"; } host s_lan_39 { hardware ethernet 00:5b:94:8c:dc:c7; option dhcp-client-identifier "rebecca-ipad"; fixed-address 192.168.14.209; option host-name "rebecca-ipad"; } host s_lan_40 { hardware ethernet b0:6e:bf:d2:31:7b; option dhcp-client-identifier "pyrodex"; fixed-address 192.168.14.220; option host-name "pyrodex"; } host s_lan_41 { hardware ethernet f8:ff:c2:2e:07:fd; option dhcp-client-identifier "morty"; fixed-address 192.168.14.221; option host-name "morty"; } host s_lan_42 { hardware ethernet f0:18:98:1c:bf:a0; option dhcp-client-identifier "friday"; fixed-address 192.168.14.222; option host-name "friday"; } host s_lan_43 { hardware ethernet 08:6d:41:ba:eb:36; option dhcp-client-identifier "rebecca-macbook-air"; fixed-address 192.168.14.223; option host-name "rebecca-macbook-air"; } host s_lan_44 { hardware ethernet 00:e1:11:00:1f:78; option dhcp-client-identifier "friday-wired"; fixed-address 192.168.14.224; option host-name "friday"; } host s_lan_45 { hardware ethernet 00:0c:6c:0a:07:1e; option dhcp-client-identifier "morty-wired"; fixed-address 192.168.14.225; option host-name "morty-wired"; } subnet 192.168.24.0 netmask 255.255.254.0 { pool { range 192.168.25.20 192.168.25.254; } option routers 192.168.24.1; option domain-name "iot"; option domain-search "iot","dmz","lan"; option domain-name-servers 192.168.24.1; default-lease-time 86400; option ntp-servers 192.168.24.1; } host s_opt1_0 { hardware ethernet 44:61:32:d5:79:45; option dhcp-client-identifier "basement-thermostat"; fixed-address 192.168.24.20; option host-name "basement-thermostat"; } host s_opt1_1 { hardware ethernet 44:61:32:c9:02:f9; option dhcp-client-identifier "main-thermostat"; fixed-address 192.168.24.21; option host-name "main-thermostat"; } host s_opt1_2 { hardware ethernet 44:61:32:e6:4c:9b; option dhcp-client-identifier "upstairs-thermostat"; fixed-address 192.168.24.22; option host-name "upstairs-thermostat"; } host s_opt1_3 { hardware ethernet 0c:2a:69:0b:05:e9; option dhcp-client-identifier "rachio"; fixed-address 192.168.24.23; option host-name "rachio"; } host s_opt1_4 { hardware ethernet 04:a1:51:58:50:89; option dhcp-client-identifier "adt-ihub"; fixed-address 192.168.24.24; option host-name "adt-ihub"; } host s_opt1_5 { hardware ethernet d0:52:a8:90:f7:c8; option dhcp-client-identifier "smartthings"; fixed-address 192.168.24.25; option host-name "smartthings"; } host s_opt1_6 { hardware ethernet dc:a6:32:0a:bb:ef; option dhcp-client-identifier "alarmdecoder"; fixed-address 192.168.24.26; option host-name "alarmdecoder"; } host s_opt1_7 { hardware ethernet 18:b4:30:3b:06:f1; option dhcp-client-identifier "den-nest-protect"; fixed-address 192.168.24.27; option host-name "den-nest-protect"; } host s_opt1_8 { hardware ethernet 18:b4:30:9b:5b:6e; option dhcp-client-identifier "upstairs-nest-protect"; fixed-address 192.168.24.28; option host-name "upstairs-nest-protect"; } host s_opt1_9 { hardware ethernet 18:b4:30:9b:5b:fc; option dhcp-client-identifier "basement-nest-protect"; fixed-address 192.168.24.29; option host-name "basement-nest-protect"; } host s_opt1_10 { hardware ethernet 34:d2:70:8a:b5:50; option dhcp-client-identifier "kitchen-echo-dot"; fixed-address 192.168.24.30; option host-name "kitchen-echo-dot"; } host s_opt1_11 { hardware ethernet 68:54:fd:72:f1:6e; option dhcp-client-identifier "master-echo-dot"; fixed-address 192.168.24.31; option host-name "master-echo-dot"; } host s_opt1_12 { hardware ethernet 34:d2:70:eb:c1:33; option dhcp-client-identifier "guest-echo-dot"; fixed-address 192.168.24.32; option host-name "guest-echo-dot"; } host s_opt1_13 { hardware ethernet 34:d2:70:ca:d0:50; option dhcp-client-identifier "office-echo-dot"; fixed-address 192.168.24.33; option host-name "office-echo-dot"; } host s_opt1_14 { hardware ethernet b8:d7:af:33:0b:26; option dhcp-client-identifier "nanit"; fixed-address 192.168.24.34; option host-name "nanit"; } host s_opt1_15 { hardware ethernet 00:0c:29:04:5e:99; option dhcp-client-identifier "zoneminder"; fixed-address 192.168.24.70; option host-name "zoneminder"; } host s_opt1_16 { hardware ethernet 00:50:56:86:26:e5; option dhcp-client-identifier "shinobi"; fixed-address 192.168.24.73; option host-name "shinobi"; } host s_opt1_17 { hardware ethernet c0:56:e3:b4:80:9b; option dhcp-client-identifier "driveway-camera"; fixed-address 192.168.24.90; option host-name "driveway-camera"; } host s_opt1_18 { hardware ethernet c0:56:e3:b4:81:b4; option dhcp-client-identifier "backyard-camera"; fixed-address 192.168.24.91; option host-name "backyard-camera"; } host s_opt1_19 { hardware ethernet c0:56:e3:70:c0:f0; option dhcp-client-identifier "backdoor-camera"; fixed-address 192.168.24.92; option host-name "backdoor-camera"; } host s_opt1_20 { hardware ethernet 28:57:be:0b:fe:f5; option dhcp-client-identifier "frontwalkway-camera"; fixed-address 192.168.24.93; option host-name "frontwalkway-camera"; } host s_opt1_21 { hardware ethernet 44:73:d6:01:d5:14; option dhcp-client-identifier "logicircle"; fixed-address 192.168.24.109; option host-name "logicircle"; } host s_opt1_22 { hardware ethernet e0:4f:43:a2:58:a6; option dhcp-client-identifier "ring-frontdoor"; fixed-address 192.168.24.110; option host-name "ring-frontdoor"; } subnet 192.168.220.0 netmask 255.255.255.0 { pool { range 192.168.220.190 192.168.220.254; } option routers 192.168.220.1; option domain-name "dmz"; option domain-search "dmz","iot","lan"; option domain-name-servers 192.168.220.1; default-lease-time 86400; option ntp-servers 192.168.220.1; } host s_opt2_0 { hardware ethernet 00:0c:29:c0:67:f2; option dhcp-client-identifier "jump"; fixed-address 192.168.220.10; option host-name "jump"; } host s_opt2_1 { hardware ethernet 00:0c:29:92:90:85; option dhcp-client-identifier "winjump-windows10pro"; fixed-address 192.168.220.11; option host-name "winjump-windows10pro"; } subnet 192.168.215.0 netmask 255.255.255.0 { pool { range 192.168.215.200 192.168.215.245; } option routers 192.168.215.1; option domain-name "guest"; option domain-name-servers 192.168.215.1; } [2.4.4-RELEASE][root@firewall.lan]/root: -
I'm not seeing anything in there jumping out at me that should throw an error to be honest.
I'm not a fan of single label domains that is for sure ;) But that wouldn't throw an error about your pool
Can you pull out your options, like you have pxe setup and see if that makes the error go away..
-
@johnpoz said in Invalid DHCP pool - for LAN subnet 192.168.xx.0/23 detected. Please correct the settings in Services, DHCP Server:
I'm not seeing anything in there jumping out at me that should throw an error to be honest.
I'm not a fan of single label domains that is for sure ;) But that wouldn't throw an error about your pool
Can you pull out your options, like you have pxe setup and see if that makes the error go away..
Done and same error:
Dec 23 13:07:41 firewall php-fpm[350]: /services_dhcp.php: New alert found: Invalid DHCP pool - for LAN subnet 192.168.14.0/23 detected. Please correct the settings in Services, DHCP Serveroption domain-name "lan"; option ldap-server code 95 = text; option domain-search-list code 119 = text; option arch code 93 = unsigned integer 16; # RFC4578 default-lease-time 7200; max-lease-time 86400; log-facility local7; one-lease-per-client true; deny duplicates; ping-check true; update-conflict-detection false; authoritative; subnet 192.168.14.0 netmask 255.255.254.0 { pool { range 192.168.15.20 192.168.15.50; } option routers 192.168.14.1; option domain-name "lan"; option domain-search "lan","iot","dmz"; option domain-name-servers 192.168.14.1; default-lease-time 86400; option ntp-servers 192.168.14.1; }
-
So is dhcpd actually running, does it hand out IPs for this scope?
Can we see the full start of log of dhcpd? Are you seeing any other errors about binding to interface or anything like that?
-
@johnpoz said in Invalid DHCP pool - for LAN subnet 192.168.xx.0/23 detected. Please correct the settings in Services, DHCP Server:
So is dhcpd actually running, does it hand out IPs for this scope?
Can we see the full start of log of dhcpd? Are you seeing any other errors about binding to interface or anything like that?
DHCP runs fine and binds to all interfaces configured (vmx0 - vmx3)
[2.4.4-RELEASE][root@firewall.lan]/var/log: ps auxww | grep -i dhcpd root 44059 0.0 0.0 6200 2204 - Is 14:18 0:00.00 /usr/local/sbin/dhcpleases -l /var/dhcpd/var/db/dhcpd.leases -d lan -p /var/run/unbound.pid -u /var/unbound/dhcpleases_entries.conf -h /etc/hosts root 45542 0.0 0.0 6408 2600 - Ss 23:36 1:32.06 /usr/sbin/syslogd -s -c -c -l /var/dhcpd/var/run/log -l /tmp/haproxy_chroot/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf -b 192.168.14.1 dhcpd 56636 0.0 0.0 12584 8224 - Ss 14:18 0:00.01 /usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid vmx1 vmx2 vmx3 vmx0 root 83462 0.0 0.0 6764 2764 0 I+ 13:08 0:00.00 more dhcpd.conf root 47558 0.0 0.0 6564 2456 1 S+ 14:19 0:00.00 grep -i dhcpd [2.4.4-RELEASE][root@firewall.lan]/var/log:No DHCP log looks clean, he is a log fresh from going to the Web UI and hitting SAVE on the LAN interface in DHCP page. This log also shows me turning WiFi off and on for a device showing it handing out the proper IP based on static. I also have non static clients getting from the range without issue.
Message from syslogd@firewall at Dec 23 14:18:03 ... firewall php-fpm[28463]: /index.php: Successful login for user 'admin' from: 192.168.14.1 (Local Database) Dec 23 14:18:16 firewall dhcpleases: /etc/hosts changed size from original! Dec 23 14:18:16 firewall dhcpleases: Sending HUP signal to dns daemon(15582) Dec 23 14:18:16 firewall dhcpleases: Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process. Dec 23 14:18:16 firewall dhcpleases: kqueue error: unknown Dec 23 14:18:16 firewall dhcpleases: Sending HUP signal to dns daemon(46048) Dec 23 14:18:17 firewall dhcpd: Internet Systems Consortium DHCP Server 4.3.6-P1 Dec 23 14:18:17 firewall dhcpd: Copyright 2004-2018 Internet Systems Consortium. Dec 23 14:18:17 firewall dhcpd: All rights reserved. Dec 23 14:18:17 firewall dhcpd: For info, please visit https://www.isc.org/software/dhcp/ Dec 23 14:18:17 firewall dhcpd: Config file: /etc/dhcpd.conf Dec 23 14:18:17 firewall dhcpd: Database file: /var/db/dhcpd.leases Dec 23 14:18:17 firewall dhcpd: PID file: /var/run/dhcpd.pid Dec 23 14:18:17 firewall dhcpd: Internet Systems Consortium DHCP Server 4.3.6-P1 Dec 23 14:18:17 firewall dhcpd: Copyright 2004-2018 Internet Systems Consortium. Dec 23 14:18:17 firewall dhcpd: All rights reserved. Dec 23 14:18:17 firewall dhcpd: For info, please visit https://www.isc.org/software/dhcp/ Dec 23 14:18:17 firewall dhcpd: Wrote 0 deleted host decls to leases file. Dec 23 14:18:17 firewall dhcpd: Wrote 0 new dynamic host decls to leases file. Dec 23 14:18:17 firewall dhcpd: Wrote 3 leases to leases file. Dec 23 14:18:17 firewall dhcpd: Listening on BPF/vmx0/00:50:56:b5:29:1a/192.168.215.0/24 Dec 23 14:18:17 firewall dhcpd: Sending on BPF/vmx0/00:50:56:b5:29:1a/192.168.215.0/24 Dec 23 14:18:17 firewall dhcpd: Listening on BPF/vmx3/00:50:56:b5:af:39/192.168.220.0/24 Dec 23 14:18:17 firewall dhcpd: Sending on BPF/vmx3/00:50:56:b5:af:39/192.168.220.0/24 Dec 23 14:18:17 firewall dhcpd: Listening on BPF/vmx2/00:50:56:b5:de:62/192.168.24.0/23 Dec 23 14:18:17 firewall dhcpd: Sending on BPF/vmx2/00:50:56:b5:de:62/192.168.24.0/23 Dec 23 14:18:17 firewall dhcpd: Listening on BPF/vmx1/00:50:56:b5:4a:64/192.168.14.0/23 Dec 23 14:18:17 firewall dhcpd: Sending on BPF/vmx1/00:50:56:b5:4a:64/192.168.14.0/23 Dec 23 14:18:17 firewall dhcpd: Sending on Socket/fallback/fallback-net Dec 23 14:18:17 firewall dhcpd: Server starting service. Dec 23 14:18:17 firewall dhcpleases: Sending HUP signal to dns daemon(46048) Dec 23 14:18:17 firewall dhcpleases: Sending HUP signal to dns daemon(46048) Dec 23 14:19:02 firewall dhcpd: DHCPREQUEST for 192.168.14.200 from f0:c3:71:56:93:c3 via vmx1 Dec 23 14:19:02 firewall dhcpd: DHCPACK on 192.168.14.200 to f0:c3:71:56:93:c3 via vmx1 Dec 23 14:19:02 firewall dhcpd: DHCPREQUEST for 192.168.14.200 from f0:c3:71:56:93:c3 via vmx1 Dec 23 14:19:02 firewall dhcpd: DHCPACK on 192.168.14.200 to f0:c3:71:56:93:c3 via vmx1 Dec 23 14:19:02 firewall dhcpd: DHCPREQUEST for 192.168.14.200 from f0:c3:71:56:93:c3 via vmx1 Dec 23 14:19:02 firewall dhcpd: DHCPACK on 192.168.14.200 to f0:c3:71:56:93:c3 via vmx1 Dec 23 14:19:02 firewall dhcpd: DHCPREQUEST for 192.168.14.200 from f0:c3:71:56:93:c3 via vmx1 Dec 23 14:19:02 firewall dhcpd: DHCPACK on 192.168.14.200 to f0:c3:71:56:93:c3 via vmx1 -
@pyrodex said in Invalid DHCP pool - for LAN subnet 192.168.xx.0/23 detected. Please correct the settings in Services, DHCP Server:
firewall php-fpm[350]: /services_dhcp.php
There is where the error is coming from.. Not actually dhcpd, but why have no idea... Do you have any vips or anything.. You didn't set your own odd rules for dhcp on lan did you?
Only thing off the top would be to get rid of all settings and start over.. Changing the range if you need to, and then moving it back to the /23 you want... For the life of me can not understand why your using /23 in the first place... Why would you not just use a /24? You don't seem to have that many clients that /24 would not be enough space.
-
@johnpoz said in Invalid DHCP pool - for LAN subnet 192.168.xx.0/23 detected. Please correct the settings in Services, DHCP Server:
@pyrodex said in Invalid DHCP pool - for LAN subnet 192.168.xx.0/23 detected. Please correct the settings in Services, DHCP Server:
firewall php-fpm[350]: /services_dhcp.php
There is where the error is coming from.. Not actually dhcpd, but why have no idea... Do you have any vips or anything.. You didn't set your own odd rules for dhcp on lan did you?
Only thing off the top would be to get rid of all settings and start over.. Changing the range if you need to, and then moving it back to the /23 you want... For the life of me can not understand why your using /23 in the first place... Why would you not just use a /24? You don't seem to have that many clients that /24 would not be enough space.
Size of the subnet is irrelevant since I have an IoT without the issue setup the same way. But in lieu of testing I disabled DHCP on the LAN, adjusted the RANGE first for a /24 and then when I saved it no error. I changed LAN from /23 to /24, went back in and enabled DHCP which showed the proper /24 subnet mask and all and the same error occurred but for the /24....
Dec 23 18:35:51 firewall php-fpm[49585]: /services_dhcp.php: New alert found: Invalid DHCP pool - for LAN subnet 192.168.14.0/24 detected. Please correct the settings in Services, DHCP ServerWhat is going on with this?
-
I agree the /23 is irrelevant, just a really ODD choice ;) You can not possible have that many devices on each segment that a /23 is called for - do you? ;)
Yes the error is odd, have never seen it in the 10 some years using pfsense..
You don't have any vips or anything setup? Try moving away to a different range completely.. It doesn't say overlap any tunnels or remote networks for say openvpn? You don't have any routes setup for that range or overlap?
Lets call in the big guns @jimp and @Derelict and see if they have any ideas..
-
@johnpoz said in Invalid DHCP pool - for LAN subnet 192.168.xx.0/23 detected. Please correct the settings in Services, DHCP Server:
I agree the /23 is irrelevant, just a really ODD choice ;) You can not possible have that many devices on each segment that a /23 is called for - do you? ;)
Yes the error is odd, have never seen it in the 10 some years using pfsense..
You don't have any vips or anything setup? Try moving away to a different range completely..
Lets call in the big guns @jimp and @Derelict and see if they have any ideas..
I've got a pfblockerng VIP but the issue occurred even before the VIP was in place.
-
That normally defaults to 10.10.10 or something that shouldn't be a issue.. I was thinking something is overlapping... I did a query on the code for services_dhcp.php and I don't even see where that error would be called out..
Do you have anything else that could be possible overlapping that range in someway, a vpn tunnel network or remote, or something else... Is it possible to change it so something completely different say 192.168.100 or something that doesn't overlap any of your other networks.
If that works fine without any errors we can put it back to the 192.168.14, for sure we need to figure out what exactly is causing it.. Even if cosmetic which it seems to be since your saying dhcp is working. The error being generated is not all that helpful.. It sure is valid from a range point of view from what you have posted.
-
These are in comment lines before the error is spit out :
// If the user has changed the subnet from the interfaces page and applied, // but has not updated the DHCP range, then the range to/from of the pool can be outside the subnet. // This can also happen when implementing the batch of changes when the setup wizard reloads the new settings. .... some tests ... // Even though the running interface subnet does not match the pool range, // the interface subnet in the config file contains the pool range. // We are somewhere part-way through a settings reload, e.g. after running the setup wizard. // services_dhcpdv4_configure will be called again later when the new interface settings from // the config are applied and at that time everything will match up. // Ignore this pool on this interface for now and just log the error to the system log.Btw : /etc/inc/services.inc
